From the many GDPR-related emails we have all received this week, it should be no surprise to you that today is an important day for data privacy. Given the significance of this landmark day, I’d like to share a few thoughts on why you shouldn’t be worried about the implications of GDPR on our solutions. At Sievo we welcome the GDPR because we protect data by design
GDPR [a.k.a. General Data Protection Regulation] is a topic everyone has been talking about lately, and with its eddective date today, many people have asked us, customers included, what have we done regarding GDPR. To be honest, not that much really. This might sound scary for many who are not familiar with the topic, but to put it simply and to bring ease to everyone: Sievo focuses on protecting data since the beginning of our journey. What does that mean?
Before opening this statement, let's quickly recap what GDPR is fundamentally about: it is about protecting the personal data of individuals and enabling them to have access and modify or delete that information. The GDPR establishes strict global data protection requirements governing how personal data is managed and protected, while respecting individual choice — regardless of where the data is sent, processed, or stored.
So, what does this mean for Sievo and where do we stand? Sievo delivers SaaS Services for enterprises and government organizations. Security of customer data is a standard key element in these deliveries. In case of data breach or data security issues, the impact on the core business of Sievo would be immense, GDPR or not. Data protection is just a one piece in our overall information security, albeit important one. Information security is very high on our agenda, with regular security assessments including regular penetration tests and ISO 270001 certification audit. We will also expand our ￼ offering by getting ISAE 3000 assurance report in 2018.offering by getting ISAE 3000 assurance report in 2018.
ISO 27001 certification has made our GDPR compliance efforts a lot easier. This is because many of ISO 27001 requirements are overlapping with GDPR requirements. Just to name a few: protection of data, risk-based approach, supplier management and evaluation, incident response... based approach, supplier management and evaluation, incident response...
So now you understand why the tasks needed to achieve GDPR compliance were refinements in our existing processes rather than a full revamping of our ways of dealing with personal data. These refinements are now mostly done: amongst other things we are review of our contracts templates, nomination of a Data Protection Officer, clarifying our website, raising awareness inside and outside of our company, and communicating with our customers.
So, don’t be worried: we are covered, and so are you with us!